Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method performed by one or more data processing apparatus, the method comprising: identifying a data movement rule associated with a set of one or more computers, the data movement rule including one or more criteria identifying restricted data movement, and one or more actions to take when a computer from the set of computers violates the data movement rule, the one or more criteria associated with the data movement rule including a data movement threshold specifying an amount of data; detecting a data movement associated with a computer from the set of computers, the data movement including data being transferred from the computer to a destination, wherein at least part of the detecting occurs during the data movement; determining that the detected data movement violates the data movement rule based at least in part on an amount of data associated with the detected data movement exceeding the data movement threshold associated with the data movement rule; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule.
A system monitors data transfers from computers to prevent restricted data movement. It identifies rules specifying criteria for restricted transfers (like exceeding a data amount threshold) and actions to take upon violation. The system detects data moving from a computer to a destination, even during the transfer. It determines if the transfer violates a rule, specifically if the amount of data exceeds the threshold defined in the rule. If a violation is detected, the system performs the actions associated with the rule.
2. The method of claim 1, wherein the one or more criteria associated with the data movement rule include a data movement destination specifying a location to which data is moving.
In the system for monitoring data transfers, the rules for restricted data movement also include a specific destination where the data is being sent. This destination is part of what defines a data transfer as restricted.
3. The method of claim 2, wherein the data movement destination includes at least one of: a country, a region, a city, an Internet Protocol (IP) address range, or an enterprise facility.
The system for monitoring data transfers defines the data movement destination as a country, a region, a city, an Internet Protocol (IP) address range, or an enterprise facility. The system can monitor data being sent to any of these specific locations.
4. The method of claim 2, wherein determining that the data movement violates the data movement rule comprises: determining that an amount of data associated with the data movement is greater than the data movement threshold associated with the data movement rule; and determining that the destination associated with the data movement matches the data movement destination associated with the data movement rule.
In the system for monitoring data transfers, determining if a data transfer violates a rule involves checking two things: the amount of data transferred exceeds a threshold, and the transfer destination matches a restricted destination defined in the rule. Both conditions must be true for a violation to be identified.
5. The method of claim 2, wherein the data movement destination includes a wildcard destination indicating that data movement to any destination will violate that portion of the data movement restriction.
The system for monitoring data transfers supports defining a "wildcard" destination, meaning any data transfer to any destination is considered a violation of that specific rule. This is useful for prohibiting all data movement from a particular computer or network.
6. The method of claim 2, wherein determining that the data movement violates the data movement rule includes determining that a data rate associated with the data movement is greater than a data rate threshold associated with the data movement rule.
In the system for monitoring data transfers, determining if a data transfer violates a rule can also include checking if the data transfer rate exceeds a defined threshold. This allows for restricting not just the amount of data, but also how quickly data is being sent.
7. The method of claim 1, wherein the one or more actions associated with the data movement rule include at least one of: disabling the computer for an amount of time, or alerting an administrator of the data movement.
When the system for monitoring data transfers detects a rule violation, the actions taken can include disabling the offending computer for a certain period or notifying an administrator about the data transfer.
8. The method of claim 1, wherein detecting the data movement includes determining an amount of data being moved and determining the destination to which the data is being moved.
The system for monitoring data transfers detects data movement by determining the amount of data being transferred and identifying the destination the data is being sent to.
9. The method of claim 8, wherein determining the destination to which the data is being moved includes geo-locating an IP address to which the data is being moved.
This invention relates to data transfer systems, specifically methods for monitoring and controlling data movement within a network. The problem addressed is the need to accurately identify and verify the destination of data transfers to prevent unauthorized or unintended data movement, such as data exfiltration or leakage. The method involves tracking data transfers within a network and determining the destination to which the data is being moved. A key aspect is geo-locating the IP address of the destination to assess its physical location. This helps in identifying whether the data is being sent to an authorized or suspicious location. The system may also compare the geo-location of the destination IP address against predefined rules or policies to determine if the transfer complies with security protocols. If the destination is flagged as high-risk or unauthorized, the system can block or alert administrators to the transfer. Additionally, the method may involve analyzing the data being transferred to assess its sensitivity or compliance with data protection regulations. The system can then enforce access controls or encryption requirements based on the data type and destination. This approach enhances data security by providing visibility into data movement and ensuring transfers align with organizational policies and legal requirements. The method is particularly useful in enterprise environments where data protection and compliance are critical.
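The rule evaluation that claims 1 through 9 describe, carried through as an added example (this is not code from the patent or from any product implementing it): a rule carries a byte threshold, an optional destination (a country code, an IP address range, or the claim 5 wildcard) and an optional data-rate threshold; it is evaluated against a transfer observed while still in progress, and the claim 7 actions (alert an administrator, disable the host for a period) are performed when a rule is violated. The `Rule` and `Movement` types, the `geolocate` lookup table (RFC 5737 documentation prefixes mapped to made-up country codes, standing in for a real geo-IP database) and every function name are constructed here for illustration and are assumptions, not details from the patent.

```python
# Added example (not the patent's code): a toy evaluator for the data-movement rules of claims 1-9.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for a geo-IP database (claim 9): RFC 5737 documentation
# prefixes mapped to made-up country codes.
GEOIP_TABLE = {
    ip_network("198.51.100.0/24"): "US",
    ip_network("203.0.113.0/24"): "ZZ",
}

def geolocate(ip: str) -> Optional[str]:
    """Return the country code for an IP address, or None if it is not in the table."""
    addr = ip_address(ip)
    for net, country in GEOIP_TABLE.items():
        if addr in net:
            return country
    return None

@dataclass(frozen=True)
class Rule:
    """A data movement rule (claim 1) with optional destination and rate criteria."""
    name: str
    threshold_bytes: int                         # amount of data (claim 1)
    destination: str = "*"                       # country code, CIDR range, or "*" wildcard (claims 2, 3, 5)
    rate_threshold_bps: Optional[float] = None   # bytes per second (claim 6)
    actions: tuple = ("alert_admin",)            # "alert_admin" and/or "disable_host" (claim 7)
    disable_seconds: int = 3600                  # how long "disable_host" lasts (claim 7)

@dataclass
class Movement:
    """What the detector observes mid-transfer (claim 8): bytes moved so far and destination."""
    host: str
    dest_ip: str
    bytes_so_far: int
    elapsed_seconds: float

def destination_matches(rule: Rule, movement: Movement) -> bool:
    """Wildcard (claim 5), IP address range (claim 3), or geo-located country (claim 9)."""
    if rule.destination == "*":
        return True
    if "/" in rule.destination:
        return ip_address(movement.dest_ip) in ip_network(rule.destination)
    return geolocate(movement.dest_ip) == rule.destination

def violates(rule: Rule, movement: Movement) -> bool:
    """Claim 4: the amount must exceed the threshold AND the destination must match;
    claim 6 adds an optional data-rate criterion. Exactly at the threshold is not a violation."""
    if movement.bytes_so_far <= rule.threshold_bytes:
        return False
    if not destination_matches(rule, movement):
        return False
    if rule.rate_threshold_bps is not None:
        rate = movement.bytes_so_far / max(movement.elapsed_seconds, 1e-9)
        if rate <= rule.rate_threshold_bps:
            return False
    return True

def enforce(rules, movement: Movement, now: float, disabled_until: dict) -> list:
    """Evaluate every rule against one observed movement and perform the actions of each
    violated rule (claim 7). Returns the action log; host disables go in disabled_until."""
    log = []
    for rule in rules:
        if not violates(rule, movement):
            continue
        for action in rule.actions:
            if action == "alert_admin":
                log.append(f"ALERT rule={rule.name} host={movement.host} "
                           f"dest={movement.dest_ip} bytes={movement.bytes_so_far}")
            elif action == "disable_host":
                disabled_until[movement.host] = now + rule.disable_seconds
                log.append(f"DISABLE host={movement.host} until={disabled_until[movement.host]}")
    return log

# Constructed rules: >100 MB to anywhere alerts; >10 MB to country ZZ alerts and disables
# the host; >50 MB into 203.0.113.0/24 at more than 10 MB/s alerts.
RULES = [
    Rule("bulk-anywhere", threshold_bytes=100_000_000),
    Rule("restricted-country", threshold_bytes=10_000_000, destination="ZZ",
         actions=("alert_admin", "disable_host")),
    Rule("fast-to-range", threshold_bytes=50_000_000, destination="203.0.113.0/24",
         rate_threshold_bps=10_000_000),
]

def demo():
    """Run four constructed movements through RULES; returns (logs by case, disabled hosts)."""
    disabled = {}
    cases = {
        "restricted": Movement("wks-17", "203.0.113.9", 20_000_000, 30.0),   # 20 MB to ZZ
        "bulk": Movement("wks-17", "198.51.100.4", 120_000_000, 600.0),      # 120 MB to US
        "fast": Movement("wks-2", "203.0.113.77", 60_000_000, 3.0),          # 20 MB/s into range
        "slow": Movement("wks-2", "203.0.113.77", 60_000_000, 60.0),         # 1 MB/s into range
    }
    logs = {name: enforce(RULES, m, now=1000.0, disabled_until=disabled) for name, m in cases.items()}
    return logs, disabled

if __name__ == "__main__":
    for name, entries in demo()[0].items():
        print(name, entries)
```

Two design points follow the claim language. Claim 1 speaks of the amount *exceeding* the threshold, so `violates` treats a transfer that lands exactly on the threshold as compliant; and because claim 1 requires that detection happen at least partly during the movement, the rate in the claim 6 check is computed from the bytes and time observed so far rather than from a completed transfer's total.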
10. The method of claim 1, wherein the data movement occurs from a private network to a public network.
The data transfers being monitored by the system move from a private network to a public network. The system monitors data leaving a protected network.
11. The method of claim 1, wherein the data movement occurs from a first private network to a second private network.
The data transfers being monitored by the system move from one private network to another private network. The system monitors data moving between internal networks.
12. A system comprising: a processor configured to execute computer program instructions; and a computer storage medium encoded with computer program instructions that, when executed by the processor, cause the system to perform operations comprising: identifying a data movement rule associated with a set of one or more computers, the data movement rule including one or more criteria identifying restricted data movement, and one or more actions to take when a computer from the set of computers violates the data movement rule, the one or more criteria associated with the data movement rule including a data movement threshold specifying an amount of data; detecting a data movement associated with a computer from the set of computers, the data movement including data being transferred from the computer to a destination, wherein at least part of the detecting occurs during the data movement; determining that the detected data movement violates the data movement rule based at least in part on an amount of data associated with the detected data movement exceeding the data movement threshold associated with the data movement rule; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule.
A system monitors data transfers from computers to prevent restricted data movement. It identifies rules specifying criteria for restricted transfers (like exceeding a data amount threshold) and actions to take upon violation. The system detects data moving from a computer to a destination, even during the transfer. It determines if the transfer violates a rule, specifically if the amount of data exceeds the threshold defined in the rule. If a violation is detected, the system performs the actions associated with the rule. The system includes a processor and a computer storage medium storing instructions to perform these steps.
13. The system of claim 12, wherein the one or more criteria associated with the data movement rule include a data movement destination specifying a location to which data is moving.
In the system for monitoring data transfers, the rules for restricted data movement also include a specific destination where the data is being sent. This destination is part of what defines a data transfer as restricted.
14. The system of claim 13, wherein the data movement destination includes at least one of: a country, a region, a city, an Internet Protocol (IP) address range, or an enterprise facility.
The system for monitoring data transfers defines the data movement destination as a country, a region, a city, an Internet Protocol (IP) address range, or an enterprise facility. The system can monitor data being sent to any of these specific locations.
15. The system of claim 13, wherein determining that the data movement violates the data movement rule comprises: determining that an amount of data associated with the data movement is greater than the data movement threshold associated with the data movement rule; and determining that the destination associated with the data movement matches the data movement destination associated with the data movement rule.
This invention relates to a data security system that monitors and enforces data movement rules within a computing environment. The system detects unauthorized or excessive data transfers by comparing data movement activities against predefined rules. A key aspect is the ability to identify violations based on both the volume of data being moved and the destination of the transfer. The system evaluates whether the amount of data involved in a movement exceeds a specified threshold and whether the destination matches a restricted or monitored location. If both conditions are met, the system determines that the data movement violates the rule, triggering appropriate security actions such as blocking the transfer or alerting administrators. This approach helps prevent data leaks, unauthorized transfers, or excessive data movements that could indicate malicious activity. The system operates by continuously monitoring data movement events, extracting relevant details such as data size and destination, and applying rule-based checks to detect policy violations. The invention enhances data governance by enforcing granular controls over data transfers within an organization.
16. The system of claim 13, wherein the data movement destination includes a wildcard destination indicating that data movement to any destination will violate that portion of the data movement restriction.
The system for monitoring data transfers supports defining a "wildcard" destination, meaning any data transfer to any destination is considered a violation of that specific rule. This is useful for prohibiting all data movement from a particular computer or network.
17. The system of claim 12, wherein the one or more actions associated with the data movement rule include at least one of: disabling the computer for an amount of time, or alerting an administrator of the data movement.
When the system for monitoring data transfers detects a rule violation, the actions taken can include disabling the offending computer for a certain period or notifying an administrator about the data transfer.
18. The system of claim 12, wherein monitoring the data movement includes determining an amount of data being moved and determining the destination to which the data is being moved.
The system for monitoring data transfers detects data movement by determining the amount of data being transferred and identifying the destination the data is being sent to.
19. The system of claim 18, wherein determining the destination to which the data is being moved includes geo-locating an IP address to which the data is being moved.
The system for monitoring data transfers identifies the data transfer destination by determining the geographic location of the IP address where the data is being sent (geo-locating).
20. The system of claim 12, wherein the data movement occurs from a private network to a public network.
The data transfers being monitored by the system move from a private network to a public network. The system monitors data leaving a protected network.
September 16, 2014